vlib/crypto/bcrypt: Add bcrypt (#12595)
parent
f72d001db5
commit
783aba4552
|
@ -0,0 +1,182 @@
|
|||
module bcrypt
|
||||
|
||||
import encoding.base64
|
||||
import crypto.rand
|
||||
import crypto.blowfish
|
||||
|
||||
pub const (
|
||||
min_cost = 4
|
||||
max_cost = 31
|
||||
default_cost = 10
|
||||
solt_length = 16
|
||||
max_crypted_hash_size = 23
|
||||
encoded_salt_size = 22
|
||||
encoded_hash_size = 31
|
||||
min_hash_size = 59
|
||||
|
||||
major_version = '2'
|
||||
minor_version = 'a'
|
||||
)
|
||||
|
||||
pub struct Hashed {
|
||||
mut:
|
||||
hash []byte
|
||||
salt []byte
|
||||
cost int
|
||||
major string
|
||||
minor string
|
||||
}
|
||||
|
||||
const magic_cipher_data = [byte(0x4f727068), 0x65616e42, 0x65686f6c, 0x64657253, 0x63727944,
|
||||
0x6f756274]
|
||||
|
||||
pub fn generate_from_password(password []byte, cost int) ?string {
|
||||
mut p := new_from_password(password, cost) or { return error('Error: $err') }
|
||||
|
||||
return string(p.hash_byte())
|
||||
}
|
||||
|
||||
pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
|
||||
mut p := new_from_hash(hashed_password) or { return error('Error: $err') }
|
||||
p.salt << '=='.bytes()
|
||||
other_hash := bcrypt(password, p.cost, p.salt) or { return error('err') }
|
||||
|
||||
mut other_p := Hashed{
|
||||
hash: other_hash
|
||||
salt: p.salt
|
||||
cost: p.cost
|
||||
major: p.major
|
||||
minor: p.minor
|
||||
}
|
||||
|
||||
if string(p.hash_byte()) != string(other_p.hash_byte()) {
|
||||
return error('mismatched hash and password')
|
||||
}
|
||||
}
|
||||
|
||||
pub fn generate_salt() string {
|
||||
randbytes := rand.read(bcrypt.solt_length) or { panic(err) }
|
||||
return randbytes.bytestr()
|
||||
}
|
||||
|
||||
fn new_from_password(password []byte, cost int) ?&Hashed {
|
||||
mut cost_ := cost
|
||||
if cost < bcrypt.min_cost {
|
||||
cost_ = bcrypt.default_cost
|
||||
}
|
||||
mut p := Hashed{}
|
||||
p.major = bcrypt.major_version
|
||||
p.minor = bcrypt.minor_version
|
||||
|
||||
if cost_ < bcrypt.min_cost || cost_ > bcrypt.max_cost {
|
||||
return error('invalid cost')
|
||||
}
|
||||
p.cost = cost_
|
||||
|
||||
p.salt = base64.encode(generate_salt().bytes()).bytes()
|
||||
hash := bcrypt(password, p.cost, p.salt) or { return err }
|
||||
p.hash = hash
|
||||
return &p
|
||||
}
|
||||
|
||||
fn new_from_hash(hashed_secret []byte) ?&Hashed {
|
||||
mut tmp := hashed_secret.clone()
|
||||
if tmp.len < bcrypt.min_hash_size {
|
||||
return error('hash to short')
|
||||
}
|
||||
|
||||
mut p := Hashed{}
|
||||
mut n := p.decode_version(tmp) or { return err }
|
||||
tmp = tmp[n..]
|
||||
|
||||
n = p.decode_cost(tmp) or { return err }
|
||||
tmp = tmp[n..]
|
||||
|
||||
p.salt = tmp[..bcrypt.encoded_salt_size].clone()
|
||||
p.hash = tmp[bcrypt.encoded_salt_size..].clone()
|
||||
|
||||
return &p
|
||||
}
|
||||
|
||||
fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
|
||||
mut cipher_data := []byte{len: 72 - bcrypt.magic_cipher_data.len, init: 0}
|
||||
cipher_data << bcrypt.magic_cipher_data
|
||||
|
||||
mut bf := expensive_blowfish_setup(password, u32(cost), salt) or { return err }
|
||||
|
||||
for i := 0; i < 24; i += 8 {
|
||||
for j := 0; j < 64; j++ {
|
||||
bf.encrypt(mut cipher_data[i..i + 8], cipher_data[i..i + 8])
|
||||
}
|
||||
}
|
||||
|
||||
hsh := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size])
|
||||
return hsh.bytes()
|
||||
}
|
||||
|
||||
fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfish {
|
||||
csalt := base64.decode(salt.bytestr())
|
||||
|
||||
mut bf := blowfish.new_salted_cipher(key, csalt) or { return err }
|
||||
|
||||
mut i := u64(0)
|
||||
mut rounds := u64(0)
|
||||
rounds = 1 << cost
|
||||
for i = 0; i < rounds; i++ {
|
||||
blowfish.expand_key(key, mut bf)
|
||||
blowfish.expand_key(csalt, mut bf)
|
||||
}
|
||||
|
||||
return &bf
|
||||
}
|
||||
|
||||
fn (mut h Hashed) hash_byte() []byte {
|
||||
mut arr := []byte{len: 60, init: 0}
|
||||
arr[0] = '$'.bytes()[0]
|
||||
arr[1] = h.major.bytes()[0]
|
||||
mut n := 2
|
||||
if h.minor != '0' {
|
||||
arr[2] = h.minor.bytes()[0]
|
||||
n = 3
|
||||
}
|
||||
arr[n] = '$'.bytes()[0]
|
||||
n++
|
||||
copy(arr[n..], '${int(h.cost):02}'.bytes())
|
||||
n += 2
|
||||
arr[n] = '$'.bytes()[0]
|
||||
n++
|
||||
copy(arr[n..], h.salt)
|
||||
n += bcrypt.encoded_salt_size
|
||||
copy(arr[n..], h.hash)
|
||||
n += bcrypt.encoded_hash_size
|
||||
return arr[..n]
|
||||
}
|
||||
|
||||
fn (mut h Hashed) decode_version(sbytes []byte) ?int {
|
||||
if sbytes[0] != '$'.bytes()[0] {
|
||||
return error("bcrypt hashes must start with '$'")
|
||||
}
|
||||
if sbytes[1] != bcrypt.major_version.bytes()[0] {
|
||||
return error('bcrypt algorithm version $bcrypt.major_version')
|
||||
}
|
||||
h.major = sbytes[1].ascii_str()
|
||||
mut n := 3
|
||||
if sbytes[2] != '$'.bytes()[0] {
|
||||
h.minor = sbytes[2].ascii_str()
|
||||
n++
|
||||
}
|
||||
return n
|
||||
}
|
||||
|
||||
fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
|
||||
cost := string(sbytes[0..2]).int()
|
||||
check_cost(cost) or { return err }
|
||||
h.cost = cost
|
||||
return 3
|
||||
}
|
||||
|
||||
fn check_cost(cost int) ? {
|
||||
if cost < bcrypt.min_cost || cost > bcrypt.max_cost {
|
||||
return error('invalid cost')
|
||||
}
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
import crypto.bcrypt
|
||||
|
||||
fn test_crypto_bcrypt() {
|
||||
hash := bcrypt.generate_from_password('password'.bytes(), 10) or { panic(err) }
|
||||
|
||||
bcrypt.compare_hash_and_password('password'.bytes(), hash.bytes()) or { panic(err) }
|
||||
|
||||
bcrypt.compare_hash_and_password('password2'.bytes(), hash.bytes()) or {
|
||||
assert err == error('mismatched hash and password')
|
||||
}
|
||||
}
|
|
@ -0,0 +1,142 @@
|
|||
module blowfish
|
||||
|
||||
pub fn expand_key(key []byte, mut bf Blowfish) {
|
||||
mut j := 0
|
||||
for i := 0; i < 18; i++ {
|
||||
mut d := u32(0)
|
||||
for k := 0; k < 4; k++ {
|
||||
d = d << 8 | u32(key[j])
|
||||
j++
|
||||
if j >= key.len {
|
||||
j = 0
|
||||
}
|
||||
}
|
||||
bf.p[i] ^= d
|
||||
}
|
||||
|
||||
mut l := u32(0)
|
||||
mut r := u32(0)
|
||||
for i := 0; i < 18; i += 2 {
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.p[i], bf.p[i + 1] = arr[0], arr[1]
|
||||
}
|
||||
|
||||
for i := 0; i < 256; i += 2 {
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[0][i], bf.s[0][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
for i := 0; i < 256; i += 2 {
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[1][i], bf.s[1][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
for i := 0; i < 256; i += 2 {
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[2][i], bf.s[2][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
for i := 0; i < 256; i += 2 {
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[3][i], bf.s[3][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
}
|
||||
|
||||
pub fn expand_key_with_salt(key []byte, salt []byte, mut bf Blowfish) {
|
||||
mut j := 0
|
||||
for i := 0; i < 18; i++ {
|
||||
bf.p[i] ^= get_next_word(key, &j)
|
||||
}
|
||||
|
||||
j = 0
|
||||
|
||||
mut l := u32(0)
|
||||
mut r := u32(0)
|
||||
for i := 0; i < 18; i += 2 {
|
||||
l ^= get_next_word(key, &j)
|
||||
r ^= get_next_word(key, &j)
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.p[i], bf.p[i + 1] = arr[0], arr[1]
|
||||
}
|
||||
|
||||
for i := 0; i < 256; i += 2 {
|
||||
l ^= get_next_word(key, &j)
|
||||
r ^= get_next_word(key, &j)
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[0][i], bf.s[0][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
for i := 0; i < 256; i += 2 {
|
||||
l ^= get_next_word(key, &j)
|
||||
r ^= get_next_word(key, &j)
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[1][i], bf.s[1][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
for i := 0; i < 256; i += 2 {
|
||||
l ^= get_next_word(key, &j)
|
||||
r ^= get_next_word(key, &j)
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[2][i], bf.s[2][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
for i := 0; i < 256; i += 2 {
|
||||
l ^= get_next_word(key, &j)
|
||||
r ^= get_next_word(key, &j)
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
bf.s[3][i], bf.s[3][i + 1] = arr[0], arr[1]
|
||||
}
|
||||
}
|
||||
|
||||
fn encrypt_block(l u32, r u32, mut bf Blowfish) []u32 {
|
||||
mut xl := l
|
||||
mut xr := r
|
||||
xl ^= bf.p[0]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[1]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[2]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[3]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[4]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[5]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[6]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[7]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[8]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[9]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[10]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[11]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[12]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[13]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[14]
|
||||
xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
|
||||
bf.s[3][byte(xl)] ^ bf.p[15]
|
||||
xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
|
||||
bf.s[3][byte(xr)] ^ bf.p[16]
|
||||
xr ^= bf.p[17]
|
||||
return [xl, xr]
|
||||
}
|
||||
|
||||
fn get_next_word(b []byte, pos &int) u32 {
|
||||
mut w := u32(0)
|
||||
mut j := 0
|
||||
unsafe {
|
||||
j = *pos
|
||||
}
|
||||
for i := 0; i < 4; i++ {
|
||||
w = w << 8 | u32(b[j])
|
||||
j++
|
||||
if j >= b.len {
|
||||
j = 0
|
||||
}
|
||||
}
|
||||
unsafe {
|
||||
*pos = j
|
||||
}
|
||||
return w
|
||||
}
|
|
@ -0,0 +1,37 @@
|
|||
module blowfish
|
||||
|
||||
pub struct Blowfish {
|
||||
pub mut:
|
||||
p [18]u32
|
||||
s [4][256]u32
|
||||
}
|
||||
|
||||
pub fn new_cipher(key []byte) ?Blowfish {
|
||||
mut bf := Blowfish{p, s}
|
||||
if key.len < 1 || key.len > 56 {
|
||||
return error('invalid key')
|
||||
}
|
||||
expand_key(key, mut bf)
|
||||
|
||||
return bf
|
||||
}
|
||||
|
||||
pub fn new_salted_cipher(key []byte, salt []byte) ?Blowfish {
|
||||
if salt.len == 0 {
|
||||
return new_cipher(key)
|
||||
}
|
||||
mut bf := Blowfish{p, s}
|
||||
if key.len < 1 {
|
||||
return error('invalid key')
|
||||
}
|
||||
expand_key_with_salt(key, salt, mut bf)
|
||||
return bf
|
||||
}
|
||||
|
||||
pub fn (mut bf Blowfish) encrypt(mut dst []byte, src []byte) {
|
||||
l := u32(src[0]) << 24 | u32(src[1]) << 16 | u32(src[2]) << 8 | u32(src[3])
|
||||
r := u32(src[4]) << 24 | u32(src[5]) << 16 | u32(src[6]) << 8 | u32(src[7])
|
||||
arr := encrypt_block(l, r, mut bf)
|
||||
dst[0], dst[1], dst[2], dst[3] = byte(arr[0] >> 24), byte(arr[0] >> 16), byte(arr[0] >> 8), byte(arr[0])
|
||||
dst[4], dst[5], dst[6], dst[7] = byte(arr[1] >> 24), byte(arr[1] >> 16), byte(arr[1] >> 8), byte(arr[1])
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
import crypto.blowfish
|
||||
import encoding.base64
|
||||
|
||||
fn test_crypto_blowfish() {
|
||||
key := 'password'.bytes()
|
||||
csalt := base64.decode('an2da3dn')
|
||||
bf := blowfish.new_salted_cipher(key, csalt) or { panic(err) }
|
||||
}
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue